Commit 6fc9fe8

Merge pull request #23071 from sarahsanders-docker/roles-permissions-update
security: update roles and permissions
1 parent b4c5adf commit 6fc9fe8

1 file changed

+56
-42
lines changed

content/manuals/security/for-admins/roles-and-permissions.md

Lines changed: 56 additions & 42 deletions
@@ -1,7 +1,5 @@
11
---
2-
description: >
3-
Use roles in your organization to control who has access to content,
4-
registry, and organization management permissions.
2+
description: Use roles in your organization to control who has access to content, registry, and organization management permissions.
53
keywords: members, teams, organization, company, roles, access, docker hub, admin console, security
64
title: Roles and permissions
75
aliases:
@@ -11,21 +9,26 @@ weight: 40
119

1210
{{< summary-bar feature_name="General admin" >}}
1311

14-
Organization and company owners can assign roles to individuals giving them different permissions in the organization. This guide outlines Docker's organization roles and their permission scopes.
12+
This guide outlines Docker's organization roles and their permission scopes.
1513

1614
## Roles
1715

18-
When you invite users to your organization, you assign them a role. A role is a collection of permissions. Roles define whether users can create repositories, pull images, create teams, and configure organization settings.
16+
When you invite users to your organization, you assign them a role. A role is a
17+
collection of permissions. Roles define whether users can create repositories,
18+
pull images, create teams, and configure organization settings.
1919

2020
The following roles are available to assign:
2121

22-
- Member: Non-administrative role. Members can view other members that are in the same organization.
23-
- Distributor Member: Restricted-access role. Distributor Members can only view and pull from repositories they’ve been explicitly granted access to. They cannot view other members or teams.
24-
- Editor: Partial administrative access to the organization. Editors can create, edit, and delete repositories. They can also edit an existing team's access permissions.
25-
- Organization owner: Full organization administrative access. Organization owners can manage organization repositories, teams, members, settings, and billing.
26-
- Company owner: In addition to the permissions of an organization owner, company owners can configure settings for their associated organizations.
22+
- Member: Non-administrative role. Members can view other members that are in
23+
the same organization.
24+
- Editor: Partial administrative access to the organization. Editors can
25+
create, edit, and delete repositories. They can also edit an existing team's
26+
access permissions.
27+
- Owner: Full organization administrative access. Owners can manage organization
28+
repositories, teams, members, settings, and billing.
2729

2830
Owners can manage roles for members of an organization using Docker Hub or the Admin Console:
31+
2932
- Update a member role in [Docker Hub](/manuals/admin/organization/members.md#update-a-member-role)
3033
- Update an organization's members or company in the [Admin Console](/manuals/admin/company/users.md#update-a-member-role)
3134
- Learn more about [organizations and companies](/manuals/admin/_index.md)
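Review bot: The rewritten role list at new lines 22-28 drops the Distributor Member and Company owner bullets with nothing in their place, and the commit message ("security: update roles and permissions") does not say whether those roles were retired or only moved. If Distributor Member no longer exists, state that in the commit message; if company owner is still a valid role, keep a one-line definition or a pointer to the company docs in this list, since admins read it to pick the least-privileged role that fits. The rename from "Organization owner" to "Owner" is consistent with the unchanged sentence "Owners can manage roles for members of an organization" that follows.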
@@ -34,15 +37,18 @@ Owners can manage roles for members of an organization using Docker Hub or the A
3437

3538
> [!NOTE]
3639
>
37-
> Company owners have the same access as organization owners for all associated organizations. For more information, see [Company overview](/admin/company/).
40+
> Company owners have the same access as owners for all associated organizations. For more information, see [Company overview](/admin/company/).
3841
3942
The following sections describe the permissions for each role.
4043

4144
### Content and registry permissions
4245

43-
The following table outlines content and registry permissions for member, editor, and organization owner roles. These permissions and roles apply to the entire organization, including all the repositories in the namespace for the organization.
46+
The following table outlines content and registry permissions for member,
47+
editor, and owner roles. These permissions and roles apply to the entire
48+
organization, including all the repositories in the namespace for the
49+
organization.
4450

45-
| Permission | Member | Editor | Organization owner |
51+
| Permission | Member | Editor | Owner |
4652
| :---------------------------------------------------- | :----- | :----- | :----------------- |
4753
| Explore images and extensions ||||
4854
| Star, favorite, vote, and comment on content ||||
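Review bot: In the NOTE at new line 40, "Company owners have the same access as owners" is ambiguous now that the organization role is named just "Owner"; consider "the same access as the Owner role", or keep "organization owners" in this one sentence. With the Company owner bullet removed from the role list, this note carries the definition of that role, so it should read unambiguously. Its link is `/admin/company/` while the other links in this file use the `/manuals/admin/...` form, which is worth aligning while the line is being touched.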
@@ -59,45 +65,52 @@ The following table outlines content and registry permissions for member, editor
5965
| View teams ||||
6066
| Assign team permissions to repositories ||||
6167

62-
When you add members to a team, you can manage their repository permissions. For team repository permissions, see [Create and manage a team permissions reference](/manuals/admin/organization/manage-a-team.md#permissions-reference).
68+
When you add members to a team, you can manage their repository permissions.
69+
For team repository permissions, see [Create and manage a team permissions reference](/manuals/admin/organization/manage-a-team.md#permissions-reference).
6370

64-
The following diagram provides an example of how permissions may work for a user. In this example, the first permission check is for the role: member or editor. Editors have administrative permissions for repositories across the namespace of the organization. Members may have administrative permissions for a repository if they're a member of a team that grants those permissions.
71+
The following diagram provides an example of how permissions may work for a
72+
user. In this example, the first permission check is for the role: member or
73+
editor. Editors have administrative permissions for repositories across the
74+
namespace of the organization. Members may have administrative permissions for
75+
a repository if they're a member of a team that grants those permissions.
6576

6677
![User repository permissions within an organization](../images/roles-and-permissions-member-editor-roles.png)
6778

6879
### Organization management permissions
6980

70-
The following table outlines organization management permissions for member, editor, organization owner, and company owner roles.
71-
72-
| Permission | Member | Editor | Organization owner | Company owner |
73-
| :---------------------------------------------------------------- | :----- | :----- | :----------------- | :------------ |
74-
| Create teams |||||
75-
| Manage teams (including delete) |||||
76-
| Configure the organization's settings (including linked services) |||||
77-
| Add organizations to a company |||||
78-
| Invite members |||||
79-
| Manage members |||||
80-
| Manage member roles and permissions |||||
81-
| View member activity |||||
82-
| Export and reporting |||||
83-
| Image Access Management |||||
84-
| Registry Access Management |||||
85-
| Set up Single Sign-On (SSO) and SCIM |||\* ||
86-
| Require Docker Desktop sign-in |||\* ||
87-
| Manage billing information (for example, billing address) |||||
88-
| Manage payment methods (for example, credit card or invoice) |||||
89-
| View billing history |||||
90-
| Manage subscriptions |||||
91-
| Manage seats |||||
92-
| Upgrade and downgrade plans |||||
81+
The following table outlines organization management permissions for member,
82+
editor, owner, and company owner roles.
83+
84+
| Permission | Member | Editor | Owner |
85+
| :---------------------------------------------------------------- | :----- | :----- | :----------------- |
86+
| Create teams ||||
87+
| Manage teams (including delete) ||||
88+
| Configure the organization's settings (including linked services) ||||
89+
| Add organizations to a company ||||
90+
| Invite members ||||
91+
| Manage members ||||
92+
| Manage member roles and permissions ||||
93+
| View member activity ||||
94+
| Export and reporting ||||
95+
| Image Access Management ||||
96+
| Registry Access Management ||||
97+
| Set up Single Sign-On (SSO) and SCIM |||\* |
98+
| Require Docker Desktop sign-in |||\* |
99+
| Manage billing information (for example, billing address) ||||
100+
| Manage payment methods (for example, credit card or invoice) ||||
101+
| View billing history ||||
102+
| Manage subscriptions ||||
103+
| Manage seats ||||
104+
| Upgrade and downgrade plans ||||
93105

94106
_\* If not part of a company_
95107

96108
### Docker Scout permissions
97109

98-
The following table outlines Docker Scout management permissions for member, editor, and organization owner roles.
110+
The following table outlines Docker Scout management permissions for member,
111+
editor, and owner roles.
99112

100-
| Permission | Member | Editor | Organization owner |
113+
| Permission | Member | Editor | Owner |
101114
| :---------------------------------------------------- | :----- | :----- | :----------------- |
102115
| View and compare analysis results ||||
103116
| Upload analysis records ||||
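Review bot: The organization management intro at new lines 81-82 still reads "editor, owner, and company owner roles", but the table header at new line 84 now has only Member, Editor and Owner columns. Either drop "and company owner" from the sentence or keep the column. With that column gone, the "Add organizations to a company" row and the `_\* If not part of a company_` footnote on the SSO/SCIM and Docker Desktop sign-in rows rely on the reader already knowing how a company owner differs from an owner, so a sentence pointing to the company overview would help here. The separator rows still carry the width of the old "Organization owner" header, which is cosmetic only.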
@@ -107,9 +120,10 @@ The following table outlines Docker Scout management permissions for member, edi
107120

108121
### Docker Build Cloud permissions
109122

110-
The following table outlines Docker Build Cloud management permissions for member, editor, and organization owner roles.
123+
The following table outlines Docker Build Cloud management permissions for
124+
member, editor, and owner roles.
111125

112-
| Permission | Member | Editor | Organization owner |
126+
| Permission | Member | Editor | Owner |
113127
| ---------------------------- | :----- | :----- | :----------------- |
114128
| Use a cloud builder ||||
115129
| Create and remove builders ||||
